The Common Vulnerabilities and Exposures project (cve.mitre.org)has assigned the name CVE-2006-3467 to this issue.

gnutls < TSL 3.0 >- SECURITY Fix: A vulnerability has been reported in GnuTLS, causeddue to an error in the verification of certain signatures. If aRSA key with exponent 3 is used, it may be possible to forge PKCS#1 v1.5 signatures signed with that key.

The Common Vulnerabilities and Exposures project (cve.mitre.org)has assigned the name CVE-2006-4790 to this issue.

gzip < TSL 3.0 > < TSL 2.2 > < TSEL 2 >- SECURITY Fix: Tavis Ormandy, Google Security Team, has reportedsome vulnerabilities in gzip, which can be exploited by maliciouspeople to cause a DoS and potentially compromise a vulnerable system.- Fix null pointer dereference that may lead to denial of service ifgzip is used in an automated manner.- A boundary error within the make_table() function in unlzh.c can beused to modify certain stack data. This can be exploited to cause aDoS and potentially allows to execute arbitrary code.- A buffer underflow exists within the build_tree() function inunpack.c, which can be exploited to cause a DoS and potentiallyallows to execute arbitrary code.- A buffer overflow within the make_table() function of gzip's LZHsupport can be exploited to cause a DoS and potentially to compromisea vulnerable system by e.g. tricking a user or automated system intounpacking an archive containing a specially crafted decoding table.- unlzh.c in the LHZ component in gzip allows context-dependentattackers to cause a denial of service (infinite loop) via a craftedGZIP archive.

The Common Vulnerabilities and Exposures project (cve.mitre.org) hasassigned the names CVE-2006-4334, CVE-2006-4335, CVE-2006-4336,CVE-2006-4337 and CVE-2006-4338 to these issues.

Solution:Update your system with the packages as indicated inthe referenced security advisory.